Steps to Take When Business Passwords Have Been Compromised

The worst has happened—one of your company passwords has been compromised. Whether it was a direct cyberattack or carelessness by an employee, it’s scary and can have a deep-reaching impact on the business as a whole. Luckily for you, nothing was stolen and the account has been recovered. You got lucky this time, but there are steps you need to take right away before you can comfortably move forward into the future.

The unfortunate truth is that most of us don’t take our passwords seriously enough. This is because we’re hardwired to create passwords we can remember, and, with so many online accounts to keep track of, we often forget we’ve even reused a password or two. Some people even use the same password for every one of their accounts!

Here are some steps to take once a business password has been compromised.

Identify Weaknesses

First, it’s time to perform a thorough review of the cybersecurity tools and systems your business has in place. What tools could you acquire to further secure your online activity? Do your employees create good passwords? There are a million ways a breach can occur, so get ready for a long process of carefully combing through your cybersecurity system for potential weaknesses. While it’s true that no system can be perfect, yours was just breached, so even a small improvement can be infinitely beneficial.

Don’t sugar-coat things, either. We tend to sugar-coat major problems when fixing them could mean extensive change, but in the case of a breached company password, sugar-coating the problem could potentially doom your entire organization. It’s OK to make a mistake. Someone, somewhere, made a mistake in either password management or creation. Let’s make sure it doesn’t happen again.

Get A Password Manager

If you’re not already using a password manager, that was your first mistake. Password managers are no longer a luxury that you can go without; they’re a business necessity in today’s online world. With pretty much everything now happening in the digital world, there’s a serious need for better cybersecurity, whether you’re a large corporation or a small startup. Get a password manager for business that you can trust to store, manage, and organize all of your company’s credentials. Services like Keeper are the perfect fit for businesses of any size, and also offer things like dark web monitoring to notify you if passwords or information about you or the business are being shared on the dark web.

There’s simply no excuse anymore to not have a password manager, especially because they’re so affordable. A breach can potentially cost your business hundreds of thousands of dollars, whereas a password manager will only cost a few dollars per month. I’d like to think the latter is the better choice, especially because a hundred-thousand-dollar security breach bill might just put your entire organization into bankruptcy.

Change Your Passwords

Did you know that only a third of users actually change their passwords following a data breach? You did already change your passwords, right? If not, you’re setting yourself up for further trouble, and for a potentially life-threatening attack (meaning the life of the business) next time around. It seems obvious that you would change your passwords after a breach, but that opening statistic suggests otherwise.

It’s a good idea to have everyone in the business change their passwords following a breach, and not to reuse any passwords or choose anything that sounds remotely like the old passwords. The problem with a data breach is that sometimes you don’t know how extensive it is, so it’s a good idea to change everything.

Take Cybersecurity And Password Management More Seriously

Becoming the victim of a data breach doesn’t necessarily mean you aren’t taking cybersecurity seriously, but it does mean that you need to take it more seriously in the future. That means cracking down on poor password habits, looking over your weaknesses, and being honest with yourself and your employees.

Use a password manager, change passwords often, and hire a security expert to identify potential weaknesses. The cost of this maintenance will be a small fraction of what another attack could cost you, so make the investment!

Make Password Training Mandatory

There’s simply no way around it—you need to make password training mandatory for everyone. Because you can’t always keep track of everyone’s passwords, you need to start teaching your employees good password habits. They’ll carry those habits into their personal lives, too, making for a more secure internet for everyone. The more seriously we take our passwords, the better off we’ll all be in the long run. 

The Bottom Line

More often than not, good password habits can mean the difference between life and death for a business. The huge cost of a data breach would be enough to put most small businesses on their death beds, and even large corporations feel the sting of settlements, security costs, and potentially compromised financial accounts. The bottom line? It’s time to start taking passwords more seriously.

About Mohit Tater

Mohit is the co-founder and editor of Entrepreneurship Life, a place where entrepreneurs, start-ups, and business owners can find wide-ranging information, advice, resources, and tools for starting, running, and growing their businesses.